Tiny unimportant bug with urldecode


renehaentjens
12-09-2003, 04:42 AM
In search_function.php (1.6.5) there is a urldecode in lines 80 and 90. I'm almost sure that these should be taken out. The web server does the urldecode for you...

The calls are harmless in 99.999% of the cases, but it is possible to construct a very artificial example where things go wrong.

You need a site where pages can contain words that contain two hex digits, for example 'E9X1', 'E9X2' etc.

Then, when you search with a query_string = % E 9 X (words begin) and find more hits than fit on one page, the first page of search results is OK (% is ignored as word separator) but you'll lose the rest when navigating to the second page of the search results.

Charter
12-10-2003, 09:31 AM
Hi. Can you give a link to the page containing hex digits and a link to the search page?

renehaentjens
12-11-2003, 12:26 AM
Here's the complete site. Just index it, search for "p f x - % E 9 X" (words begin) and navigate to the second page of search results to find them gone.

<?php
if ($link = (get_magic_quotes_gpc()) ?
        stripslashes($_GET['link']) : $_GET['link'])
    // no (raw)urldecode needed here, that is automatically done for you
{
    echo '<h1>', htmlspecialchars($link), '</h1>';

    // mysql_query("SELECT `url` FROM `link_table` WHERE `link`='" .
    //     addslashes($link) . "'");
}
else
{
    echo '<h1>Links</h1><ul>';
    foreach (array("pfx-Apo'strophe", 'pfx-Quo"te', "pfx-Back\slash",
                   "pfx-Greater>than", "pfx-Less<than", "pfx-Amper&sand",
                   "pfx-coefficiënt", "pfx-façade", "pfx-tête-à-tête",
                   "pfx-%E9-01", "pfx-%E9-02", "pfx-%E9-03", "pfx-%E9-04",
                   "pfx-%E9-05", "pfx-%E9-06", "pfx-%E9-07", "pfx-%E9-08",
                   "pfx-%E9-09", "pfx-%E9-10", "pfx-%E9-11", "pfx-%E9-12",
                   "pfx-S p a c e")
             as $link)
    {
        echo '<li><a href="site.php?link=' . rawurlencode($link) . '">' .
            htmlspecialchars($link) . '</a></li>';
    }
    echo '</ul>';
}
?>
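
The double-decoding effect discussed in this thread, as an added example that is not part of the original posts or of the project's code. `parse_str` stands in for the decoding PHP applies when it fills `$_GET`; `decoded_once`, `next_page_link`, the `search.php` URL and the `page` parameter are hypothetical names.

```php
<?php
// Added illustration; not code from search_function.php.

// Stand-in for what PHP does when it fills $_GET from the query string.
function decoded_once(string $query_string, string $key): string
{
    parse_str($query_string, $params);
    return $params[$key] ?? '';
}

// Hypothetical pagination helper: encode the already-decoded value exactly once.
function next_page_link(string $query, int $page): string
{
    return 'search.php?query_string=' . rawurlencode($query) . '&page=' . $page;
}

// Constructed inputs: three taken from the thread's test page, one with a '+'.
$samples = ['pfx-%E9-01', 'pfx-S p a c e', 'pfx-Amper&sand', 'pfx-a+b'];

foreach ($samples as $typed) {
    $link  = next_page_link($typed, 2);
    $qs    = parse_url($link, PHP_URL_QUERY);
    $once  = decoded_once($qs, 'query_string'); // what the script receives
    $twice = urldecode($once);                  // the extra call discussed above

    printf("%-16s once=%-16s %s\n", $typed, $once,
        $twice === $typed
            ? 'second decode harmless'
            : 'second decode yields bytes ' . bin2hex($twice));
}
```

Values without a literal `%XX` sequence or `+` survive the second decode unchanged, which is why the extra call goes unnoticed on ordinary input.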